Campus Approaches to Improving Cyber Security

Awareness

Presented by:

Krizi Trivisani, Chief Security Officer

The George Washington University

EDUCAUSE Live! October 6, 2004

2

Agenda

What is security awareness?

Why is awareness important?

Awareness and Higher Education EDUCAUSE Security Education &

Awareness Working Group Higher Education Events in October Cyber Security Resources CD GW’s Cyber Security Awareness

Day

Questions

3

What is Security Awareness?

Security awareness is knowledge of potential threats. It is the advantage of knowing what types of security issues and incidents members of your organization may face in the day-to-day routine of their University functions.

Technology alone cannot provide adequate information security. People, awareness and personal responsibility are critical to the success of any information security program.

4

Why is Security Awareness Important?

Security is only as strong as it’s weakest link. Security relies on people. Technology is important, but if people are unaware of security issues, even the best technology will not ensure that information is protected.

If people are ill-prepared, information is threatened by: Social engineering Abuse of privileges and trust Misuse of systems and network Password guessing Physical access to bypass controls Theft of laptops, storage media, and other technologies Accidental disclosure Financial Fraud

5

Awareness and Higher Education

6

Security Task Force Education & Awareness Working Group

Mission/Purpose:The Education and Awareness Working Group will identify and take steps to implement and/or publicize various methods by which awareness of information technology security issues are raised amongst university and college computer and network users, administrators, and executives.

http://www.educause.edu/security

7

Security Task Force Education & Awareness Working Group

Team Goals/ Expected Outcomes (Deliverables and Metrics):

The team will:1) Identify current projects and current materials and

methods (primarily developed within the higher education and non-profit communities, but also vended products) where they have been proven to be (or may be) particularly useful to universities and colleges.

2) Use existing methods available via EDUCAUSE and Internet2 to publicize identified offerings.

3) Where gaps may exist in available offerings, commission development of programs or materials as needed.

8

Higher Education Events in October

Meeting IT Challenges: National Strategies and Local Solutions

Virginia Alliance for Secure Computing and Networking (VASCAN) and The Association of Collegiate Computing Services (ACCS)

Charlottesville, VAOctober 11-12, 2004http://www.virginia.edu/housing/conferences/Website2003/3univevents/vascan_accs/index.htm

Symposium on Cybersecurity PolicyNational Press Club in Washington, DCOctober 12-13, 2004www.cylab.cmu.edu/default.aspx?id=277

9

Higher Education Events in October

Guide to Implementing an Effective Security Education & Awareness Program

EDUCAUSE 2004 Pre-Conference SeminarDenver, ColoradoOctober 19, 1-4:30 p.m.www.educause.edu/asp/conf/function.asp?PRODUCT_CODE=E04/

SEM11P&ME

NSCA’s National Cyber Security Awareness Month Focus on Education

Week ThreeOctober 18 – 22, 2004www.staysafeonline.info

10

Cybersecurity Awareness Resources CD

The Education & Awareness Working Group of the EDUCAUSE/Internet2 Security Task Force compiled cyber security awareness resources that will be distributed on a CD.

The resources were collected to showcase the variety of security awareness efforts underway at institutions of higher education and to provide resources for colleges and universities that are looking to jump-start a program for their organization. 

11

What’s on the CD?

PamphletsPost CardsPresentationsSecurity Awareness DocumentsSecurity CardsSecurity ToolsSecurity QuizzesSurveysVideos

Book MarksBrochuresChecklists FlyersGamesGovernment ResourcesHandoutsIndustry ResourcesLinks to School’s Security Web Page(s)

12

GW’s Cyber Security Awareness Day

November 1, 2004

Targeted to GW Community but open to the public

Two main events:

Cyber Security Awareness Forum

Cyber Security Awareness Fair

FREE – thanks to help from sponsors!

13

Cyber Security Awareness Forum

Four speaker sessions“Cybersleuths: High Technology Crime Investigators”Panel Topic – “How Direct Recording Electronic (DRE) voting machines can do tomorrow what a paper ballot count could not do in the 2000 election.”“Information Security: From Brains to Bits”"Exploitation and Countermeasure in Open-access High-speed Networks"

14

Cyber Security Awareness Fair

Tables with GamesPC Security - Personal Firewalls and Patching Virus Clinic Strong AuthenticationCreating Good Passwords Identity TheftIncident Response GWirelessPeer to Peer Information Security Handouts

Other AttractionsMobile Information Warfare Lab Security Videos Area Door PrizesPopcorn StandCotton Candy StandCaricaturistFortune TellerCyber Guy and Cyber Gal to engage the community

15

Questions?

Contact Krizi Trivisani krizi@gwu.edu